Distributing Public WAN Addresses using an EdgeRouter X

You’ve read the title, so you must be wondering if Ubiquiti can even do it. I wondered the same thing and with the help of Launtel, it was eventually figured out.

What you need.

I was able to get this working with just an EdgeRouter X. It has some switch ports on it but cant do real client device isolation that I would have liked. You can use an L2 switch for this if you’d like. The way this is set up enables that.

I reached out to my ISP Launtel to see if they would let me use a block of their IP Addresses which they ultimately agreed too. After some conversation they agreed to let me use a /29 block temporarily.

You also need to research how your ISP handles giving out IP addresses. Most ISPs in Australia (Launtel included) use DHCPv4 for this with no VLAN tagging. If your ISP uses something like PPPoE (looking at you Telstra), it might be doable but not something I’ve tested.

How to set it up?

Start off by initially configuring the EdgeRouter. When you first boot it up it should have a default address, I ended up plugging one of the ports into my Unifi Dream Router (UDR) and giving it a DHCP address so I could access it without using a direct connection. Below is the settings I used to achieve this. The EdgeRouter should now be accessible at whatever address it ended up getting.

We now have access to the UDR, log into the web panel at its IP address using ubnt/ubnt which is the default password upon setup. From there, you need not do too much. Go through the basic configuration wizard with the following settings:

Make sure you create a strong password for setting up a new user account.

Bitwarden has a password generator available here: https://bitwarden.com/password-generator/

After the setup has been done, go to the IP address from earlier and log in to your account using the new password. I hope you have a password manager.

From here, you can start the setup of your EdgeRouter. We are going to use Eth0 as the WAN port. Open the configuration and set the following settings:

I checked back and sure enough, I now have my Public IP Address on Eth0.

The next step is setting up the port that will distribute the Public IP Addresses. Usually this would plug into a switch that can do client device isolation but I do not have this equipment on hand. I chose Eth3 for this purpose.

Your ISP should give you an IPv4 block, usually in small amounts. For this test I was given an address block of /29 by Launtel. It should look something like this: 192.168.4.216/29

On Eth3 you would assign the following address to it: 192.168.4.217/29

Eth3 should now be assigned this IP address using this range. We now need to set up the DHCP server that will distribute the WAN addresses. Go to the Services tab and press <Add DHCP Server>.

Set it up using the IP block you were given and worked out above. For the subnet you will use the entire IP block given to you by the ISP. In this case it was 192.168.4.216/29. The first usable address is used by the Eth3 interface, so you start the usable addresses from .218. The router address is the Eth3 IP address (192.168.4.217). DNS Servers can be whatever you want, CloudFlare is generally pretty good.

Because the router address is Eth3, you shouldn’t need to assign it to the port manually.

Plug in the switch and start connecting your Routers/Services and see if they can request addresses. If they can, it will show up under the DHCP server.

Congratulations, you are now distributing Public IP addresses to your clients / routers.

Things to keep in mind.

• This is not a 100% solution that will work for everyone. This is what worked for me.
• Your ISP may not be as cool as Launtel and refuse you usage because you are not a business. Telstra just flat out refuses to give you a normal static address to begin with.
• Acquiring an IP block will cost you a non-insignificant amount for permanent use.
• There may be configuration errors, for your environment that was never a problem for me. Comment below and I will try to provide reasonable help.
• Your EdgeRouter will be accessible to the world. Please create a suitable password. 50 Characters is not overkill.
• I turned off all my firewall rules as the UDR will handle that. Please be cautious about what ports you open if this will be your main firewall.
• While I didnt use the UISP portal during this process, I do recommend connecting the EdgeRouter to the UISP portal.

Why would I want to do this?

Its cool. I don’t really have anything else for you. There might be legitimate business uses but I was not able to test client device isolation. The EdgeSwitch specifications do say this is a feature. I will be buying one to test soon.

Thanks for joining me in this journey and a big thank you to Damien and Faye for their help during this process.